CVE-2025-12788 | Hydra Booking Plugin up to 1.1.27 on WordPress tfhb_meeting_paypal_payment_confirmation_callback access control

Inserito da Angelo Barbosa | Nov 11, 2025 | CVE

A vulnerability identified as critical has been detected in Hydra Booking Plugin up to 1.1.27 on WordPress. This affects the function tfhb_meeting_paypal_payment_confirmation_callback. The manipulation leads to improper access controls.

This vulnerability is listed as CVE-2025-12788. The attack may be initiated remotely. There is no available exploit.

CVE-2025-12788 | Hydra Booking Plugin up to 1.1.27 on WordPress tfhb_meeting_paypal_payment_confirmation_callback access control

Post correlati

CVE-2024-10883 | SimpleForm Plugin up to 2.2.0 on WordPress add_query_arg/remove_query_arg cross site scripting

CVE-2024-34831 | Gibbon Core 26.0.00 library_manage_catalog_editProcess.php imageLink cross site scripting

CVE-2023-48321 | Accelerated Mobile Pages Plugin up to 1.0.88.1 on WordPress Shortcode cross site scripting

CVE-2023-50898 | Sirv Plugin up to 7.1.2 on WordPress authorization